Friday, November 22, 2024
14.6 C
Los Angeles

FATF Monitoring: Countries Addressing Strategic Deficiencies

Jurisdictions under Increased Monitoring by the FATF Countries...

Former Peruvian President Alejandro Toledo Sentenced to 20+ Years in Odebrecht Bribery Scandal

Former Peruvian President Alejandro Toledo has been...

Ex-Mexican Security Chief Sentenced for Bribery and Aiding Sinaloa Cartel’s Drug Trafficking

Genaro Garcia Luna, Mexico's former Secretary of...

Colombia: The Superintendence of Companies imposes a fine regarding Excel-based risk matrixes

Money LaunderingColombia: The Superintendence of Companies imposes a fine regarding Excel-based risk matrixes

In brief

In a recent decision, the Superintendence of Companies determined that an Excel-based risk matrix of the Self-Control and Integral Management System of Money Laundering, Terrorism Financing and Financing of the Proliferation of mass-destruction weapons risks (SAGRILAFT) and of the Business Transparency and Ethics Program (PTEE) was insufficient because it did not allow to individualize, measure, assess and mitigate the risks identified.

Considering the decision of the Superintendence of Companies, it is important that companies, when preparing a risk matrix, ensure that it allows:

Assess, monitor and mitigate the identified risks.

Measure the likelihood of the inherent and residual risk of each identified risk factor and the impact in case of materialization.

Mitigate risks; to do so, the company must describe the controls applicable to the management of each risk.

The Superintendence of Companies imposed a fine to an e-commerce platform for, among other conducts, not having a risk matrix that would allow it to identify, measure, assess, mitigate and monitor the identified risks, in accordance with the provisions of Chapter X (SAGRILAFT) and XIII (PTEE) of the Basic Legal Circular of the Superintendence of Companies.

In accordance with the provisions of the Superintendence:

The platform had an Excel file with the label “Risk Matrix” that did not allow, under a practical use, to show the individualization, measurement, assessment and mitigation of the identified risks.

The Excel file submitted by the platform was not sufficient to be considered as a risk matrix, in accordance with the provisions of Chapters X and XIII.

Risk matrices are considered the backbone of compliance programs because they include risk identification and management. For the structuring the SAGRILAFT and PTEE it is relevant to analyze how risky or exceptional situations affect corporate strategies and objectives .

Two fines, each one for COP 353,997,972 (c. USD 90,000), were imposed for failure to comply with obligations applicable to SAGRILAFT and PTEE, of which COP 200,000,000 (c. USD 51,000) were related to the lack of an adequate risk matrix.

Spanish version

Story from www.globalcompliancenews.com

Disclaimer: The views expressed in this article are independent views solely of the author(s) expressed in their private capacity.

Check out our other content

Ad


Check out other tags:

Most Popular Articles